Proceedings of the AAAI Conference on Artificial Intelligence
In attempts to "explain" predictions of machine learning models, researchers have proposed hundreds of techniques for attributing predictions to features that are deemed important. While these attributions are often claimed to hold the potential to improve human "understanding" of the models, surprisingly little work explicitly evaluates progress towards this aspiration. In this paper, we conduct a crowdsourcing study, where participants interact with deception detection models that have been trained to distinguish between genuine and fake hotel reviews. They are challenged both to simulate the model on fresh reviews, and to edit reviews with the goal of lowering the probability of the originally predicted class. Successful manipulations would lead to an adversarial example. During the training (but not the test) phase, input spans are highlighted to communicate salience. Through our evaluation, we observe that for a linear bag-of-words model, participants with a...
Proceedings of the AAAI Conference on Artificial Intelligence
With smart-phones becoming increasingly commonplace, there has been a subsequent surge in applications that continuously track the location of users. However, serious privacy concerns arise as people start to widely adopt these applications. Users will need to maintain policies to determine under which circumstances to share their location. Specifying these policies, however, is a cumbersome task, suggesting that machine learning might be helpful. In this paper, we present a user-controllable method for learning location sharing policies. We use a classifier based on multivariate Gaussian mixtures that is suitably modified so as to restrict the evolution of the underlying policy to favor incremental and therefore human-understandable changes as new data arrives. We evaluate the model on real location-sharing policies collected from a live location-sharing social network, and we show that our method can learn policies in a user-controllable setting that are just as accurate as policie...
Proceedings on Privacy Enhancing Technologies, 2022
Browsing privacy tools can help people protect their digital privacy. However, tools which provide the strongest protections—such as Tor Browser—have struggled to achieve widespread adoption. This may be due to usability challenges, misconceptions, behavioral biases, or mere lack of awareness. In this study, we test the effectiveness of nudging interventions that encourage the adoption of Tor Browser. First, we test an informational nudge based on protection motivation theory (PMT), designed to raise awareness of Tor Browser and help participants form accurate perceptions of it. Next, we add an action planning implementation intention, designed to help participants identify opportunities for using Tor Browser. Finally, we add a coping planning implementation intention, designed to help participants overcome challenges to using Tor Browser, such as extreme website slowness. We test these nudges in a longitudinal field experiment with 537 participants. We find that our PMT-based inter...
Despite experts agreeing on many security best practices, there remains a gap between their advice and users' behavior. One example is the low adoption of secure mobile payments in the United States, despite widespread prevalence of credit and debit card fraud. Prior work has proposed nudging interventions to help users adopt security experts' recommendations. We designed and tested nudging interventions based on protection motivation theory (PMT) and implementation intentions (II) to encourage participants to use secure mobile payments. We designed the interventions using an interview study with 20 participants, and then tested them in a longitudinal, between-subjects field experiment with 411 participants. In one condition, drawing on PMT, we informed participants about the threat of card fraud and the protection offered by mobile payments. In a second condition, we combined the PMT intervention with an II-based intervention, and asked participants to formulate a plan to m...
Modern smartphone platforms have millions of apps, many of which request permissions to access private data and resources, like user accounts or location. While these smartphone platforms provide varying degrees of control over these permissions, the sheer number of decisions that users are expected to manage has been shown to be unrealistically high. Prior research has shown that users are often unaware of, if not uncomfortable with, many of their permission settings. Prior work also suggests that it is theoretically possible to predict many of the privacy settings a user would want by asking the user a small number of questions. However, this approach has neither been operationalized nor evaluated with actual users before. We report on a field study (n=72) in which we implemented and evaluated a Personalized Privacy Assistant (PPA) with participants using their own Android devices. The results of our study are encouraging. We find that 78.7% of the recommendations made by the PPA ...
Online privacy policies are the primary mechanism for informing users about data practices of online services. In practice, users ignore privacy policies as policies are long and complex to read. Since users do not read privacy policies, their expectations regarding data practices of online services may not match a service's actual data practices. Mismatches may result in users exposing themselves to unanticipated privacy risks such as unknowingly sharing personal information with online services. One approach for mitigating privacy risks is to provide simplified privacy notices, in addition to privacy policies, that highlight unexpected data practices. However, identifying mismatches between user expectations and services' practices is challenging. We propose and validate a practical approach for studying Web users' privacy expectations and identifying mismatches with practices stated in privacy policies. We conducted a user study with 240 participants and 16 websites, ...
Simulated Annealing (SA) procedures can potentially yield near-optimal solutions to many difficult combinatorial optimization problems, though often at the expense of intensive computational efforts. The single most significant source of inefficiency in SA search is the inherent stochasticity of the procedure, typically requiring that the procedure be rerun a large number of times before a near-optimal solution is found. This paper describes a mechanism that attempts to learn the structure of the search space over multiple SA runs on a given problem. Specifically, probability distributions are dynamically updated over multiple runs to estimate at different checkpoints how promising a SA run appears to be. Based on this mechanism, two types of criteria are developed that aim at increasing search efficiency: (1) a cutoff criterion used to determine when to abandon unpromising runs and (2) restart criteria used to determine whether to start a fresh SA run or restart search in the middle...
We show how privacy mechanisms can evolve to exploit ontology-oriented models and keep pace with the deployment of Semantic Webs. Tested in the myCampus project, the distributed architecture we present here relies on rules for the Semantic Web and for respecting privacy, as well as Web services to represent personal and public resources. Software agents manage the exchanges, notably the e-Wallet agents responsible for users' resources.
Over the past few years, reverse auctions have attracted a lot of attention in the AI community. They offer the prospect of more efficiently matching suppliers and producers in the face of changing market conditions. Prior research has generally ignored the temporal and finite capacity constraints under which reverse auctioneers typically operate. In this paper, we consider the problem faced by a reverse auctioneer (e.g. a manufacturer) that can procure key components or services from a number of possible suppliers through multi-attribute reverse auctions. This problem can also be viewed as a static abstraction of the procurement problem faced by agents in the new TAC'03 Supply Chain Trading Competition. Bids submitted by prospective suppliers include a price and a delivery date. The reverse auctioneer has to select a combination of supplier bids that will maximize its overall profit, taking into account its own finite capacity and the prices and delivery dates offered by diff...
Earlier research in job shop scheduling has demonstrated the advantages of opportunistically combining order-based and resource-based scheduling techniques. An even more flexible approach is investigated where each activity is considered a decision point by itself. Heuristics to opportunistically select the next decision point on which to focus attention (i.e., variable ordering heuristics) and the next decision to be tried at this point (i.e., value ordering heuristics) are described that probabilistically account for both activity precedence and resource requirement interactions. Preliminary experimental results indicate that the variable ordering heuristic greatly increases search efficiency. While least constraining value ordering heuristics have been advocated in the literature, the experimental results suggest that other value ordering heuristics combined with our variable-ordering heuristic can produce much better schedules without significantly increasing search.
CMU-ISR-17-118 / CMU-LTI-17-010--Privacy policies notify Internet users about the privacy practices of websites, mobile apps, and other products and services. However, users rarely read them and struggle to understand their contents. Also, the entities that provide these policies are sometimes unmotivated to make them comprehensible. Recently, annotated corpora of privacy policies have been introduced to the research community. They open the door to the development of machine learning and natural language processing techniques to automate the annotation of these documents. In turn, these annotations can be passed on to interfaces (e.g., web browser plugins) that help users quickly identify and understand relevant privacy statements. We present advances in extracting privacy policy paragraphs (termed segments in this paper) and individual sentences that relate to expert-identified categories of policy contents, using methods in supervised learning. In particular, we show that relevan...
As companies increasingly customize their products, move towards smaller lot production and experiment with more flexible customer/supplier arrangements, they increasingly require the ability to respond quickly, accurately and competitively to customer requests for bids on new products and efficiently work out supplier/subcontractor arrangements for these new products. This in turn requires the ability to rapidly convert standard-based product specifications into process plans and quickly integrate new orders with their process plans into existing production schedules across the supply chain. This paper describes IP3S, a blackboard-based agent for supporting integrated process planning/production scheduling across the supply chain. IP3S agents support concurrent development and dynamic revision of integrated process-planning/production-scheduling solutions across the supply chain, maintenance of multiple problem instances and solutions across the supply chain, flexible user-oriented ...
Mechanisms (especially on the Internet) have begun allowing people or organizations to express richer preferences in order to provide for greater levels of overall satisfaction. In this paper, we develop an operational methodology for quantifying the expected gains in economic efficiency associated with different forms of expressiveness. We begin by proving that the sponsored search mechanism (GSP) used by Google, Yahoo!, MSN, etc. can be arbitrarily inefficient. We then experimentally compare its efficiency to a slightly more expressive variant (PGSP), which solicits an extra bid for a premium class of positions. We generate random preference distributions based on published industry knowledge. We determine ideal strategies for the agents using a custom tree search technique, and we also benchmark using straightforward heuristic bidding strategies. The GSP's efficiency loss is greatest in the practical case where some advertisers ("brand advertisers") prefer top posit...
A key to agility in today's dynamic high-mix production environments is the ability to (1) effectively coordinate production across multiple facilities, whether internal or external to the company, and (2) quickly and accurately evaluate new product/subcomponent designs and strategic business decisions (e.g., make-or-buy or supplier selection decisions) with regard to capacity and material requirements across the supply chain. This paper provides an overview of MASCOT ("Multi-Agent Supply Chain cOordination Tool"), a reconfigurable, multilevel, agent-based architecture for coordinated supply chain planning and scheduling aimed at supporting these functionalities. It reviews key innovative elements of the MASCOT architecture with a special emphasis on its support of real-time mixed-initiative "what-if" functionalities, enabling end-users at different levels within the architecture to rapidly evaluate alternative tradeoffs and their respective impact across t...
Global competition is putting a premium on the ability to manage risk through flexible and agile ... more Global competition is putting a premium on the ability to manage risk through flexible and agile web-enabled procurement practices. This article discusses the design of the 2007 “supply chain management – procurement challenge” (SCM-PC), a competition designed by the first three authors to evaluate the performance of mixed procurement strategies that balance risk through combinations of long-term, quantity-flexible contracts and one-off contracts. Specifically, the SCM-PC challenge revolves around a PC assembly scenario, where web-enabled trading agents developed by different teams compete for components required to assemble different types of PCs. Collectively the authors represent the top three entries in the 2007 procurement challenge. They present the strategies their teams developed for the competition, compare their performances, and discuss lessons learned from the competition.
Papers by Norman Sadeh